deps: add ata JSON Schema validator for node.config.json#62603
deps: add ata JSON Schema validator for node.config.json#62603mertcanaltin wants to merge 5 commits intonodejs:mainfrom
Conversation
|
Review requested:
|
nodejs-github-bot
added
lib / src
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #62603 +/- ##
==========================================
- Coverage 89.81% 89.80% -0.01%
==========================================
Files 699 699
Lines 216331 216436 +105
Branches 41355 41389 +34
==========================================
+ Hits 194294 194367 +73
+ Misses 14156 14150 -6
- Partials 7881 7919 +38
🚀 New features to boost your workflow:
|
|
IMHO this is a bit too much, an extra dep for a schema parser inside Node.js (not to mention that is not even v1.x) This is not a blocker, this is just my personal opinion |
|
That's a fair concern. The dependency is intentionally minimal, it only uses simdjson which is already in core (no new external dependencies since it's built with ATA_NO_RE2). On the version, you're right it's pre-1.0, but it already passes 96.9% of the official JSON Schema Test Suite. Happy to work toward 1.0 if that's a requirement. |
|
Maybe ata could also be exposed to JS userland as an API if it ends up being vendored in? |
|
Yes, that's the plan! The initial PR focuses on The main prerequisite is getting the security story solid first, we've already submitted to OSS-Fuzz and all 283 nst/JSONTestSuite tests are passing. |
|
@mertcanaltin check also https://www.npmjs.com/package/@exodus/schemasafe testsuite |
|
Thanks @ChALkeR, I ran the schemasafe test suite against ata (draft2020-12): 95.3% pass rate, 1103/1157, 59 skipped (remote refs). Main gaps are unevaluatedProperties/Items annotation tracking, some $ref URI edge cases (URN, absolute-path), grapheme counting in minLength/maxLength, and a few optional format semantics. Running the suite also helped me catch a few things I fixed since: recursion depth guard for circular $ref, proto handling in const/enum, and date format range checks. $dynamicRef is fully passing now (42/42). Working on the rest. |
mertcanaltin
force-pushed
the
feat/json-schema-validation
branch
from
edc0176 to
85e4bca
Compare
|
CI says: |
Qard
left a comment
Qard
left a comment
There was a problem hiding this comment.
While it is a non-trivial amount of C++, it is all neatly contained in the external ata dependency where we can trivially iterate on any correctness requirements if there's any of the remaining spec features folks think are essential. The actual integration surface area is extremely minimal and straightforward.
I think it looks great. Excellent work! 👏🏻
mertcanaltin
force-pushed
the
feat/json-schema-validation
branch
3 times, most recently
from
33202b7 to
32ba0e9
Compare
|
thanks for review @Qard, I some conflicts solved, if have available time, can you review again ? |
Add ata (v0.8.0) as a bundled dependency for JSON Schema Draft 2020-12 validation. Config files are now validated against a generated schema before option parsing, providing clear type error messages to users. - deps: add ata v0.8.0 JSON Schema validator - src: validate config after simdjson parse, before option loop - build: add shared library support and nix fileset for ata - test: add schema validation and process.versions.ata tests
mertcanaltin
force-pushed
the
feat/json-schema-validation
branch
from
32ba0e9 to
5bdb5f5
Compare
lemire
left a comment
lemire
left a comment
There was a problem hiding this comment.
Looks fine to me but I recommending adding more tests. Currently, the builtin tests are somewhat mininal.
|
Thanks @lemire, added more test coverage, type mismatches for boolean, number, array, and nested array items, plus positive tests for valid configs and empty objects. |
avivkeller
left a comment
avivkeller
left a comment
There was a problem hiding this comment.
Can you add an update script?
mertcanaltin
force-pushed
the
feat/json-schema-validation
branch
from
d72a1af to
1bf468e
Compare
I added thanks @avivkeller |
|
@mertcanaltin could it notice mistakes like #61595? |
Adds compile-time warnings for misplaced keywords (e.g. minItems inside a string-typed schema). Addresses review feedback about detecting schema mistakes like nodejs#61595.
Yes, updated ata to |
Remember to update the GitHub workflow to call your added script |
Thanks for helps, I added GitHub workflow. |
8 participants
Adds ata-validator (v0.8.0) to validate
node.config.jsonagainst its JSON Schema before parsing.Clear error messages for invalid config instead of generic "Invalid value" errors.
Example output:
What's included:
deps/ata/with ata-validator built usingATA_NO_RE2(no extra dependencies, only simdjson which is already in core)node_config_file.ccbefore existing parsingprocess.versions.ataSpec compliance:
@exodus/schemasafetest suite$dynamicRef/$anchor: 42/42 (100%)Security:
$ref__proto__safeconst/enumcomparisonrefs: #62598